[rt-users] HTTP and HTTPS on same RT server?

[Danie Marais]

> -----Original Message-----
> From: Joseph Spenner [mailto:joseph85750 at yahoo.com] 
> Sent: 26 February 2008 04:23 PM
> To: Danie Marais; erkdog at fiftypounds.com
> Cc: rt-users at lists.bestpractical.com
> Subject: Re: [rt-users] HTTP and HTTPS on same RT server?
> 
> --- Danie Marais <danie.marais at attix5.com> wrote:
> 
> > Matt,
> > 
> > Maybe I am daft, but the SSL cert sites I looked at
> > listed it at $399 per
> > year.  Where can you get $20 certs?
> >  
> > 
> > > -----Original Message-----
> > > From: rt-users-bounces at lists.bestpractical.com 
> > > [mailto:rt-users-bounces at lists.bestpractical.com]
> > On Behalf 
> > > Of Matt Westfall
> > > Sent: 26 February 2008 03:56 PM
> > > To: Lutz Jaenicke
> > > Cc: rt-users at lists.bestpractical.com
> > > Subject: Re: [rt-users] HTTP and HTTPS on same RT
> > server?
> > > 
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > > 
> > > Umm, SSL Certs are $20 a year, lol
> > > 
> > > 
> 
> 
> You can generate your own SSL certs for free.  The
> only reason you'd want to buy them from Thawt ($150
> ish), or super gold plated Ferrari certificates from
> VeriSign ($900) is if you don't want browsers to
> complain due to an unknown Certificate Authority.  If
> your RT systems aren't going to be on the Internet
> and/or you don't care about the warnings, you can
> generate your own certificates using openssl, and set
> them to expire in 50 years.
> 
There is a self-signed cert on the box.  But we need to give Internet access
to customers and do not want them to get a certificate warning.  So they
must either use http or we must have a valid cert.  According to
www.thawte.com they ask $249 for a new cert and $199 for a renewal.

First prize for me would still be a http/https combination with customers
using http.